Thursday, June 12, 2014

How to kill the dhcp daemon or any daemons on a fortigate appliance

This is my unofficial how to kill the dhcpd daemon on the fortigate. This can be used for multiple purpose and or to kill other process. Use at  your own risk and YMMV.

note: Fortinet TAC doesn't like for you to know this cmd but it will not harm anything and has limited shell access.

The  fnsysctl  is a cli command that fortinet-TAC does not speak too much  about. It allows for a single shell execution of limited unix executables ( ls, cat, ps, mount, more, grep, df, etc...). It can be a dangerous command for learning some of  the inside working of a fortigate. And if your knowledge of linux/unix is strong like mine, you can find numerous &  creative ways for using this command.

e.g ( determing my  FWF60D  linux kernel version, diskfile size and mount command  )

Okay to find and kill the dhcp process or any proc as far as that goes, you have to understand that  most process create a  "pid" ( process id ). You can use the diag sys top command to find  the top process , but I have a few tricks  that you can use to find  the one process  that 's of interest.

1: by  using the "ps" command


note: just search thru the list of running process

2:  uses the "ls"  command  against the  /var/run directory

 NOTE:  the var/run directory typically holds  the proc pid in the shape and fashion of ;

/var/run/<process daemon name>.pid


3:  by issuing  the "diag sys top 25 100"  command 

NOTE: I'm using a delay of 25 secs and 100 lines so  I can quickly scan thru most,  if not all of the  pids

Once you found the  pid file name, you can "cat" or "more" the file name of  interest;

e.g ( here I'm using the "more" command against 2  pid files )

Okay, so now that you found the pid(s) that you want to kill.

 How do you kill it ?

Will you could hire her, but that could be  a expensive and bloody encounter.


Use the  diag sys kill command or  even use  the fnsysctl command.

e.g ( showing various ways to kill the process and rechecking for the new pid # )

So that's how you kill a fortigate process using the cli . When ever you kill a process is great to recheck that the proc has restart and to monitor any logs entries.

 Doing this, can help ensure  a 100% functional process and the daemon is working.

My last trick & knowledge share,  this same command  ( fnsysctl ) is available on  the fortimail and with a lot more binaries available.

Ken Felix
Freelance Network /Security Engineer
kfelix   a-t  socpuppets  d-o-t  com

1 comment:

  1. The fnsysctl command does not return anything on FortiMail 5.1.5.